Only a very small amount of data expansion is involved when using RSA. For
encryption, a message may be padded to a length that is a multiple of the
block length, usually 64 bits, since RSA is usually combined with a
secret-key block cipher such as DES (see Question 3.2.12).
Encrypting the DES key takes as many additional bits as the size of the RSA
modulus.

For authentication, an RSA digital signature is appended to a document. An
RSA signature, including information such as the name of the signer, is
typically a few hundred bytes long. One or more certificates (see Question
3.3.5) may be included as well; certificates can be used in
conjunction with any digital signature method. A typical RSA certificate is
a few hundred bytes long.